W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

RE: Section 6.1

From: Barb Fox <bfox@Exchange.Microsoft.com>
Date: Mon, 12 Jun 2000 20:21:57 -0700
Message-ID: <96BABA22ECEAEA45B53D08D63E1B567826F179@DF-SPIKE.platinum.corp.microsoft.com>
To: <tgindin@us.ibm.com>
Cc: <w3c-ietf-xmldsig@w3.org>, <reagle@w3.org>

I object to this change. I don't think it clarifies anything because the
use of a cryptographic key is implied. Further, it leaps to the
conclusion that this working group wants to leave the door open to a
next version with non-cryptographic signatures. I don't see any
broad-based support for this, so let's just close this issue and get on
with interoperability testing.

If some future implementors of "electronic" signatures want to define a
new, non-cryptographic signature method, they can use the DSig syntax,
but they will need to define a new namespace.


-----Original Message-----
From: tgindin@us.ibm.com [mailto:tgindin@us.ibm.com]
Sent: Monday, June 12, 2000 5:17 PM
To: Barb Fox
Cc: w3c-ietf-xmldsig@w3.org; reagle@w3.org
Subject: Re: Section 6.1

     To avoid foreclosing subsequent versions of the standard from
general electronic signatures, I propose that the third sentence of
Barbara's text be changed to the following:  "However, the present
of this specification REQUIRES cryptographic SignatureMethods for
SignatureValue generation and verification, and these methods shall
at least one cryptographic key for verification."  The last clause rules
out pure digest algorithms, without which the requirement has little

          Tom Gindin

"Barb Fox" <bfox@Exchange.Microsoft.com> on 06/12/2000 04:37:36 PM

To:   w3c-ietf-xmldsig@w3.org
cc:   reagle@w3.org
Subject:  Section 6.1

To close on the issue of electronic signatures, I propose that the
following text be included as paragraph two in Section 6.1, Algorithm
Identifiers and Implementation Requirements:

"This specification defines a set of algorithms, their URIs, and
for implementation. In general, requirements apply to
implementations, not to signature use. However, this specification
REQUIRES cryptographic
SignatureMethods for SignatureValue generation and verification. Other
authenticators (electronic, biometric, etc.) may be included ONLY as a
supplement to the cryptographic signature via the SignatureProperty

This should remove any ambiguity.

Received on Monday, 12 June 2000 23:23:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC